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Abstract 


We present a space- and time-optimal self-stabilizing algorithm, 
SSDS, for a given synchronization problem on asynchronous oriented 
chains. SSDS is uniform and works under the unfair distributed dae- 
mon. From SSDS we derive solutions for the local mutual exclusion 
and distributed sorting. Algorithm SSDS can also be used to ob- 
tain optimal space solutions for other problems such as broadcasting, 
leader election, and mutual exclusion. 


1 Motivation and Background 


Distributed algorithms aim to reduce the amount of communication among 
the nodes in the system (the number of messages exchanged for message- 
passing or the number of memory accesses — reading or writing into variables 
— for shared-memory model), while keeping a relative low memory require- 
ment per node and a low time complexity. Fault-tolerance is the ability of 
an algorithm to withstand transient faults (still perform its function), where 
by a fault we mean that the variables of some nodes are changed to some 
arbitrary values by some external action. Self-stabilization is the strongest 
case of fault-tolerance: An algorithm is self-stabilizing when, “regardless of 
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its initial state, it is guaranteed to arrive at a legitimate state in a finite num- 
ber of steps.” (Dijkstra {1]) An algorithm which is not self-stabilizing may 
stay in a illegitimate state forever and never be able to perform its function. 
Self-stabilizing distributed algorithms aim to achieve performance compa- 
rable to non-stabilizing distributed algorithms in the presence of transient 
faults or an arbitrary initialization. Local mutual exclusion is a special 
case of the synchronization of nodes’ execution in which no two neighboring 
nodes can execute simultaneously. Given n arbitrary values, not necessarily 
distinct, and n-node oriented graph (e.g., oriented chain, rooted tree), each 
node holding a single value, sorting distributes the values among the nodes 
in the increasing order of the node topological position. For example, in an 
oriented chain network, the order is either from left to right or from right to 
left; for a rooted tree network, the order is either from the root to the leaves 
or from the leaves to the root. In this paper we consider sorting in a asyn- 
chronous oriented chain network. Given n values and n nodes arranged as 
a chain, sorting distributes the values among nodes in the increasing order 
from the leftmost to the rightmost node. 

In this paper, we propose a general synchronization scheme and space 
optimal solutions for the local mutual exclusion problem and distributed 
sorting on asynchronous oriented chains. In order to compute the time 
complexity of any algorithm running on an asynchronous system, we use 
the definition of a round [2]. A round is a minimal sequence of computation 
steps such that each process that was enabled in the first configuration of 
the sequence has executed at least once during the sequence. 

Related Work. Non fault-tolerant distributed sorting was studied 
in [3, 4, 5]. Flocchini et al. [3] analyze the relationship between sorting 
and election in an anonymous asynchronous ring. Sasaki [4, 5] gives time 
optimal (n — 1 steps) solutions to distributed sorting in a synchronous [4] 
and asynchronous oriented chain [5]. The space complexity per node is 
O(L), where L is the maximal size of the initial values. Initially, at each 
node copies of values are created and these copies are used for sorting. Both 
algorithms are non fault-tolerant: if a fault changes the values to the copy 
to some arbitrary value, the outputs of both algorithms are incorrect — the 
initial values are not sorted, but the erroneous ones instead. 

Fault-tolerant algorithms for synchronization and sorting are given in 
(6, 7]. A general fault-tolerant scheme for solving any synchronization prob- 
lem whose safety specification can be defined using a local property is given 
in [6]. A stabilizing min-heap algorithm that uses O(h) rounds and O(log L) 
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bits is given in [7], where h is the height of the heap. The drawback of this 
algorithm is that it assumes a stronger model in which a node can read and 
write into all its neighbors’ variables. 

Contributions. We consider the following synchronization problem: 
“Given an asynchronous system and a positive integer t > 0, find the min- 
imum positive integer T such that every node is enabled at least t times 
within T rounds, and whenever some node is enabled, all of its direct neigh- 
bors are disabled.” Our contribution is threefold. 

We propose a general self-stabilizing algorithm, SSDS (Figure 1), that 
solves this problem for an asynchronous oriented chain in minimum number 
of rounds. SSDS is optimal in space complexity, 7.e., it uses one bit space in 
every node, and is asymptotically optimal in time complexity, 7.e., within n— 
2+ 2t rounds every node will be enabled at least t times. For a synchronous 
oriented chain, after n — 1 steps, every node is enabled every other round. 

We use SSDS to derive an algorithm for the local mutual exclusion 
problem on asynchronous oriented chains, CME (Figure 5), that satisfies 
the strong safety property, i.e., in any configuration, there exists at least 
one privileged node; and distributed sorting in non-decreasing order from 
left to right. CME uses two bits per node and stabilizes in 0 rounds (it 
is snap-stabilizing [8, 9]). We also use SSDS to derive two algorithms for 
distributed sorting on asynchronous oriented chains. Algorithm S; (Figure 
7) is space optimal and time asymptotically optimal; it sorts the n values 
within 4(2n — 2) rounds and uses a total of three bits per node, thus an 
improvement over the algorithms of [4, 5]. Algorithm S2 (Figure 9) is almost 
time optimal; it sorts the n values within 2n — 1 rounds (the minimum 
number of rounds required is 2n — 2) and uses L + 1 bits per node, where L 
is the maximum size of the initial values in the chain. 

Outline of the paper. Section 2 contains some preliminary notions 
and the synchronization problem. Algorithm SSDS is given in Section 
3. Algorithm L£ME is in Section 4. In Section 5 we start with a sorting 
algorithm in the EREW* (exclusive read, exclusive write) model, Algorithm 
A_S; (Figure 6). Using the shared memory model of communication we then 
present a sorting algorithm that uses a constant number of bits (Algorithm 
S,, Figure 7) and almost minimum number of rounds (Algorithm S2, Figure 
9). In Section 6 we show why Algorithm SSDS cannot work under the 
read/write atomicity model without increasing the memory requirement per 
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node. We finish with concluding remarks in Section 7 and acknowledgments. 


2 Preliminaries 


We consider an asynchronous bi-directional, oriented chain of n nodes’. 
Each node v has a finite set of variables of various types and can distinguish 
between its left (J,) and its right (r,) neighbor. The left-right orientation 
is consistent among all nodes in the network. Let L and R be the leftmost, 
respectively rightmost node. If a node v has only one neighbor, the value 
of the missing neighbor is represented as _L. 

Nodes communicate with each other by shared memory: A node can 
read and write into its own variables, but can only read the variables of its 
neighbors. The state of a node is the set of the values of its variables. A 
system state (or configuration) is simply a choice of a state for each node. 
An execution is a finite or infinite sequence of configurations, of maximum 
length. For any configuration c, let E, be the set of all executions that start 
from configuration c, i.e. the starting configuration of the algorithm is c. 

A node executes an algorithm that is a finite set of guarded actions of 
the form: (label) :: (guard) — (action). If all the nodes execute the same 
algorithm, then the algorithm is called uniform. The guard is a Boolean 
expression that involves the node’s variables and possibly the variables of its 
direct neighbors. The action is a finite set of statements that involve only 
the node’s variables. If an action has its guard evaluated to true, then it 
is called enabled. A node with at least one enabled action is called enabled 
node. If all the guards of the algorithm are mutually exclusive, then the 
algorithm is called deterministic. At the beginning of a computation step, a 
distributed daemon selects a non-empty subset of enabled nodes to execute; 
at the end of the computation step, all selected nodes have executed. The 
selected nodes are called privileged. Each privileged node executes exactly 
one of its enabled actions. The guard evaluation and the execution of the 
corresponding action are considered to be done in one atomic step. There are 
several types of distributed daemons, but the most common are the weakly 
fair and the unfair. With a weakly fair daemon, a continuously enabled node 
will eventually become privileged after a finite number of rounds. In this 
paper we consider the unfair daemon: a continuously enabled process may 
not be selected for execution unless it becomes the only enabled process. The 
unfair daemon is the strongest type of distributed daemon: a self-stabilizing 
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algorithm written under the unfair daemon will be self-stabilizing also under 
the weakly fair daemon, but not vice-versa. 


Definition 1 (Synchronization Problem) Given a system and a posi- 
tive integer k > 0, find the minimum positive integer T such that every node 
in the system is enabled to execute a given task at least k times within T 
rounds, and whenever a node is enabled, neither neighboring node is enabled. 


Given C, the set of all possible states, and a predicate P defined over 
a state in C, the predicate P is evaluated to either true or false for each 
state in C. Thus C is partitioned into two sets: one set that contains all 
the states for which P is true, which we denote by Lp, and one set that 
contains all the states for which P is false. The set Lp is called the set of 
all legitimate states with respect to P, or the set of all legitimate states when 
P is understood. The states not in Lp are called illegitimate. For various 
predicates P, the set of legitimate states varies. 

We present the notion of self-stabilization from [10], based on the notion 
of closed attractor [10]. Let Cy; and C2 be subsets of C. C2 is a closed 
attractor for C; if and only if both conditions are true: (i) for any initial 
state c, in C; and for any execution e starting from c,, e = C1, ¢2,.., there 
exists 7 > 1 such that for any j > i, cj; € Co, and (ii) any execution starting 
from a configuration in C2 reaches a configuration in C2. 

From [10] we have: Given a predicate P, an algorithm S is called 
self-stabilizing with respect to P (or simply, self-stabilizing, when P is un- 
derstood) if and only if Lp is a closed attractor for C. 


3 Algorithm SSDS 


Algorithm SSDS solves the synchronization problem presented in Definition 
1 for an oriented chain and some generic macro called execute. Macro 
execute(v) is an application specific task; e.g., accessing the critical section 
for local mutual exclusion, local sorting for distributed sorting. Each node 
holds a variable S € {A, B}, thus needs only 1 bit. For any node v, let S, Sj, 
and 5S; represent the S-value of node v, ly, and ry, respectively. Predicate 
check(v, s) checks if node v is exists, and if so, whether its S-value is s. 
The guarded actions ABB and BAA are enabled at node v when the 
following conditions are true: (i) either v has no left neighbor or the left 
neighbor’s S-value is different from its S-value, and (ii) either v has no right 
neighbor or the right neighbor’s S-value is the same as its S-value. 


17 


Predicate check(v, s) = (v= LV S.v = s) 


Actions for any node v 
ABB S=BAcheck(l,, A) \ check(ry,B) —> execute(v); S 
BAA S=ANAcheck(ly,B) A check(r,,A) —> execute(v) ;S 


Figure 1: Algorithm SSDS 
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(a) Starting configuration (b) After one step 
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(c) After two steps (d) After three steps 


Figure 2: Four steps in 7-node chain 


Consider a 7-node oriented chain with the starting configuration shown 
in Figure 2(a). We assume that all enabled nodes are selected by the dae- 
mon to execute in the same computation step; this is called a synchronous 
execution. In Figure 2(a), the odd-numbered nodes are enabled (from left 
to right the first, third, fifth, and seventh). At the end of one computa- 
tion step, the configuration reached is in Figure 2(b); the even-numbered 
nodes are enabled. After the second computation step, the configuration 
reached is in Figure 2(c); the odd-numbered nodes are enabled. After the 
third computation step, the configuration reached is in Figure 2(d); the 
even-numbered nodes are enabled. After the fourth computation step, the 
system reaches the configuration in Figure 2(a); this cycle repeats forever. 


3.1 Proof of Correctness for SSDS 


Algorithm SSDS stabilizes within n — 2 + 2k rounds to the predicate k- 
Exec = {Vk > 0 AT such that V node v : live(v,k,T) A safe(v)} where 
live(v,k,T)={v executes macro execute at least k times within T rounds} 
and safe(v) = { when v is enabled, no neighbor is enabled }. 

Th guards of Algorithm SSDS guarantee the following propositions: 


e Local mutual exclusion Whenever a node is enabled, no neighbors 
are enabled (Proposition 5). 
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e No deadlock There is always an enabled node (Proposition 6). 


e Fairness After a node executes, it becomes disabled and remains so 
until all its neighbors execute (Proposition 7). 


e No starvation - During the first n — 2 + 2k rounds, every node is 
enabled at least k times (Corollary 12 of Lemma 11). Thus T = 
n —2-+ 2k is the minimum number of rounds. 


SSDS works under the unfair distributed daemon (Proposition 14). 

If n = 1 and the node’s S = A, then the node alternately executes 
Actions BAA and ABB forever. We will assume n > 1 henceforth. 

A normal starting configuration is the n-length prefix of (AABB)”, 
which is a 4n-length string obtained by concatenating n copies of AABB. 
We note that in a normal starting configuration, the odd-numbered nodes 
are enabled (see Figure 2(a) for particular case n = 7). If the system has 
a synchronous execution, a normal starting configuration is reachable from 
any configuration within n — 1 steps. 

Any configuration of length n can be mapped to a unique binary (n—1)- 
bit string, called difference-string. 


Definition 2 Given an n-length configuration, C = S1,S2...Sn, a difference- 
string is the (n—1)-length binary string DSc = bbz... bn—1 such that b; = 0 
if S; = Si41, 1 otherwise. 


A given difference-string corresponds to two configurations. For ex- 
ample, the difference-string 101010100 corresponds to either configuration 
ABBAABBAAA or BAABBAABBB. 


Remark 3 Given a difference-string DS and a value S of some node, the 
corresponding configuration C is uniquely defined. 


Given a node v that is the i” node from the left (1 < i <n) anda 
configuration C, let 


b16;5 if 2<i<n-1 
DSc(v) =< bo if i=1 


bn. if t=n 


From the code of Algorithm SSDS, we observe that: 
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Observation 4 Given any configuration C: 

(i) Action ABB or BAA is enabled at the leftmost node L if and only if 
DSc(L) = 0 and the execution of the guard changes DSc(L) from 0 to 1. 
(ii) Action ABB or BAA is enabled at the rightmost node R if and only if 
DSc(v) = 1 and the execution of the guard changes DSc(v) from 1 to 0. 
(iii) For n > 2, Guarded action ABB or BAA is enabled at some node v 
other than L and R if and only if DSc(v) = 10 and the execution of either 
guard changes DSc(v) from 10 to 01. 


Proposition 5 For any configuration C and node v, if node v is enabled 
to execute then neither node l, nor ry (if they exist) is enabled. 


Proof. Assume node v is enabled. Based on its position in the chain we 
have three cases: 

1) v is the leftmost node L. If v is enabled, from Observation 4(7) 
we have DSo(v) = 0; thus DSc(ry) starts with a 0. From Observation 


start with a 1 for the node 7, to be enabled. Contradiction. 

2) vis the rightmost node R. If v is enabled, from Observation 4(i7) we 
have DSc(v) = 1; thus DSc(l,) ends with a 1. From Observation 4(i, zi), 
node l, is enabled if DSc(l,) € 0,10. Thus DSc(ry) should end with a 0 
for the node 1, to be enabled. Contradiction. 

3) v is a node other than LZ or R. If v is enabled, from Obser- 
vation 4(ii7) we have DSc(v) = 10; thus DSc¢(l,) ends with a 1 and 
DSc(rv) starts with a 0. From Observation 4(7,7iz), node 1, is enabled 
if DSc(ly) € {0,10}. Thus DSc(l,) should end with a 0; contradiction. 


DSc(ry) should start with a 1; contradiction. 


Proposition 6 In any configuration C' there exists at least one enabled 
node. 


Proof. Since DSc € (0+ 1)", we have three cases: 

1) If DSc starts with 0 then by Observation 4(7) the leftmost node L 
is enabled to execute. 

2) If DSc starts with a 1 and contains the substring 10 then, by Ob- 
servation 4(izi), some node v is enabled to execute. 

3) If DSc is 1” (starts with a 1 and does not contain the substring 10). 
Then DSc ends with 1 and, by Observation 4(7i) the rightmost node R is 
enabled to execute. 
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Proposition 7 For any node v, if node v is enabled and is selected by the 
daemon to execute, after it executes all v’s actions are disabled. 


Proof. From Observation 4(7,7i), if node v is either L or R, after it 
executes an enabled guard, it becomes disabled. From Observation 4(diz), 
a node v other than L or R is enabled if DSc(v) is 10. But once node v 
executes and configuration C' changes to configuration C’, then DScr(v) is 
01, so node v is disabled. 

In showing that by executing Algorithm SSDS on an oriented chain, 
after n — 1+ 2t rounds, every node is enabled at least t times, we need some 
additional notations, definitions and propositions. 

Given two nodes v and ry with S.v = a and S.r, = 6, by notation 
“qa — b” we denote that state b does not block state a from being enabled 
(in order for v being in state a to be enabled, S.r, has to be b). The notation 
a — b denotes that state a does not block state b from being enabled (in 
order for ry being in state b to be enabled, S.v has to be a). 

For example the guard of Action BAA can be re-written as B — A — 
A, and the guard of Action ABB can be re-written as A— B< B. 

We can use the above notation to define layers as follows. We start 
by fixing the layer of node L, then proceed the right of the chain. If node 
v is on a certain layer and S.v — S.r,, then ry is one layer higher. If 
S.v — S.ry then r, is one layer lower. A configuration has a sawtooth-like 
level ordering, where the peak nodes are the enabled ones. 

The difference-string of a given configuration is consistent with the 
orientations of the arrows between consecutive S values (1 for 7 and 0 for 
\\). For example, for the configuration BAAABBABABBBABAA of a 
16-node network, the levels are drawn in Figure 3. 


Figure 3: Configuration BAAABBABABBBABAA 


Definition 8 (Node Delay) Given a configuration, for each node v we 
define delay|v] to be an integer between 0 and n— 1, calculated recursively 
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as follows: (i) there exists at least one node whose delay is 0, and (ii) if 
delay[u] = d and node v is a neighbor of node u such that S.v — S.u then 
delay|v] = delay[u] + 1. If S.v — S.u then delay|v] = delay[u] — 1. 


The delay value of a node is the maximum number of rounds a node 
must wait until it becomes enabled. The delay values of the nodes in Figure 
3 are given in Figure 4. 


Figure 4: Delay values for configuration BAAABBABABBBABAA 


After a node executes, the arrows (or the arrow, for the chain extrem- 
ities) to that node are reversed. The delay values are then recalculated. 


Proposition 9 In any configuration, if w is a neighbor of v then delay|w] = 
delay|v] + 1. 


Proof. From Definition 8. 


Proposition 10 For any t > 0: 

(i) If S.v — S.ry then node v cannot execute its enabled guard for the t* 
time until ry has executed its enabled guard for the t*® time, and node ry 
cannot execute its enabled guard for the (t + 1)§* time until node v has 
executed its enabled guard for the t‘® time. 

(ii) If S.v — S.ry then node ry cannot execute its enabled guard for the t* 
time until node v has executed its enabled guard for the t‘® time, and node 
v cannot execute its enabled guard for the (t + 1)** time until node ry has 
executed its enabled guard for the t* time. 


Proof. In case i), in order for node v to be enabled, node r,, must change 
the orientation of the arrow between itself and node v. This will occur after 
node r, is enabled. By Proposition 7, after node r, executes its guard for 
the t'® time, it becomes disabled. Then for node r, to become enabled again 
and to execute its enabled guard for the (t+1)** time, node v has to execute 
(for the t*® time) and change the orientation of the arc toward node ry. 
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Case ii) is similar. 

Let do be the array of the delay values in the starting configuration, 
and Do be the maximum value of do. By the definition of array delay, 
1 < Do < n—1l. 


Lemma 11 For any node v and any value t > 0, node v executes t times 
within the first do[v] + 2t — 1 rounds. 


Proof. We define the predicate P(q) as follows: 

For any node v, for any t > 1, node v executes ¢ times within the first 
q rounds if g > do[v] + 2t — 1. 

We prove by induction on q > 1 that Predicate P(q) holds. 

Basic step q = 1. If q = 1, this implies that do|v] = 0 and t = 1. Since 
do{v] = 0, node v is currently enabled for the first time and it will execute 
within one round. 

Inductive step for q > 1, P(q—1) holds. We have that ¢ > do[v]+2t—1, 
and we must show that node v executes t times within the first q rounds. 

From the induction hypothesis, we have that node v has executed t — 1 
times within the first do[v] + 2t — 3 rounds. 

Let wu be the left neighbor of node v. (The proof for the right neighbor 
is similar.) From Proposition 9, do[u] = do|v] + 1. Thus we have two cases: 


1) do[u] = do[v] — 1. Since g > do/v] + 2t — 1, this implies that gq — 1 > 
do[v] — 1 + 2t — 1, and further q—1 > do[u] + 2 -—1. From the 
induction hypothesis, P(q—1) holds for every node, including node w. 
Thus node u executes ¢ times within g — 1 rounds. From Proposition 
10, node wu does not block node v from being enabled for the t** time 
during round gq. 


i) 
Ww 


do|u] = do[v] +1. Since g > do[v] + 2¢ — 1, this implies that q— 1 > 
do[v] + 1 + 2¢ — 3, and further g—1 > do[u] + 2(¢-—1) —1. From 
the induction hypothesis, P(q — 1) holds for every node, including 
node u. Thus node u executes t — 1 times within g — 1 rounds. From 
Proposition 10, node u does not block node v from being enabled for 
the t'® time during round q. 


Neither the left neighbor of v nor the right neighbor of v blocks node 
v from being enabled for the t*® time at the beginning of round g. Thus, 
node v is enabled at the beginning of round g and it will execute for the t'” 
time by the end of the round. 
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Corollary 12 For any node v and any value t > 0, during the first n—2+2k 
rounds every node is enabled at least k times. 


Proof. A node executes only if it is currently enabled. From Lemma 
11 and the definition of a round, if node node v executes ¢ times within 
the first do[v] + 2t — 1 rounds, it has to be enabled t times within the first 
do|v] + 2t — 2 rounds. 

Algorithm SSDS works under the unfair distributed daemon. A suf- 
ficient condition to prove that a certain algorithm works under the unfair 
daemon is to show that a continuously enabled node eventually becomes the 
only enabled node. If a node v is enabled but not selected by the distributed 
daemon, it remains enabled (Proposition 13). Since the unfair daemon must 
select a non-empty subset of the enabled nodes in every computation step, 
it will be forced to select v (Proposition 14). 


Proposition 13 If a node v is enabled to execute but is not selected by the 
daemon, it remains enabled until it will be selected. 


Proof. If some node v is enabled, neither of the existing neighbors is 
enabled (Proposition 5). The neighboring nodes remain disabled until v 


executes. 


Proposition 14 Every continuously enabled node will be eventually se- 
lected by the unfair distributed daemon after a finite number of rounds. 


Proof. By contradiction. Assume that there exists a continuously 
enabled node v, but the unfair daemon never selects it for execution. Since 
an execution of Algorithm SSDS is infinite, starting from any arbitrary 
state, then there exists at least one node u, u # v such that u is executed 
infinitely often. 

If node u executes infinitely often, then both neighbors of u execute 
infinitely often. The reason is as follows: After u executes, it becomes 
disabled (Proposition 7); the arrows (or the arrow, for the chain extremities) 
to u are reversed. Node wu becomes enabled again only after its neighbors 
execute and reverse again the arrows. 

Let A be the maximal set of nodes in the chain that execute infinitely 
often. Thus, if wu € A, then left(u), right(u) € A. Recursively, the left and 
the right neighbors of left(u) and right(u) are also in A. Thus A consists 
of all nodes. By our assumption, v ¢ A, which is a contradiction to the 
statement that A consists of all nodes. 
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4 Self-Stabilizing Local Mutual Exclusion Algo- 
rithm CLME 


Each node holds a variable S that takes values in the set {A,B}, and a 
Boolean variable request that is true whenever the process requests access 
to its critical section C'S. For a node v, let S = S.v and request = request.v. 
Predicate check(v,1) has been defined in Section 3. 


Actions for any node v 


ABB S=BQAcheck(ly, A) A check(r,,B) —> if request then CS; request = false 


S=A 
BAA S=AQdAcheck(l,, B) A check(ry,A) —>_ if request then C'S; request = false 
S=B 


Figure 5: Algorithm LME 


A protocol solves the local mutual exclusion problem if any configura- 
tion of the system running the protocol has two properties ({11]): (i) safety 
- no two neighboring nodes have guarded commands that execute the crit- 
ical section (CS) enabled, and (ii) liveness - a node requesting to execute 
its CS will eventually do so. 

Proposition 5 shows that Algorithm CME has the safety property. 
Proposition 6 shows that Algorithm L£ME has the liveness property. 


5 Self-Stabilizing Distributed Sorting Algorithms 


In this section we present three algorithms for the distributed sorting prob- 
lem in an oriented chain: A_S; (in Section 5.1), S; (in Section 5.2), and 
S_ (in Section 5.3). Algorithm A_S, is implemented in the EREW model. 
Algorithms S; and Sg are implemented in the shared memory model. 

Let x and y be two values to be swapped. Swapping can be done in 
three steps without using an extra variable as follows: x =x+y,y=2-y, 
andxz=x-y. 


5.1 Distributed Sorting on an Oriented Chain 


Each node, besides the variable S, holds one variable IV to be sorted. 
Algorithm A_S; (Figure 6) is a particular case of Algorithm SSDS, in which 
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the macro execute(v) is replaced by the macro swap(v,ry) that swaps the 
values IV.v and IV.ry. 

In the EREW model of communication, in order to execute the swap 
a node v modifies the IV variables of its right neighbor r,. 

Intuitively, since by executing Algorithm SSDS, local mutual exclusion 
is satisfied in any configuration, a node can synchronize the swap with its 
right neighbor. We assume for now that the swap is done in one atomic 
step (macro swap), and we show in Sections 5.2 and 5.3 how the swap is 
actually done in the shared memory model. 

For a node », let S = S.v, 5; = Sly, Sp = S.ry. Predicate check(v) has 
been defined in Section 3. 


Macro swap(v, w) :: 
if(w ALAIV.v > IV.w) then IV.v = 1V.u + 1V.w; 1V.w = IV.v — IV.w; IV.u = IV.u — IV.w 


Sorting actions for any node v 
ABB S=BAcheck(ly, A) A check(ry,B) —> swap(v,rv); 


S=A 
BAA S=ANcheck(l,, B) A check(r,,A) —> swap(v,ry); S=B 


Figure 6: Algorithm A_S; (EREW Model) 
Algorithm A_S; is deterministic. 


5.2 Sorting in the Shared Memory Model using Constant 
Space 


In Algorithm S; (Figure 7), a node v holds three variables: variable [V 
to be sorted, a variable S € {A,B, X,Y}, and a variable tmpS ¢€ {A, B}. 
Variable tmpS stores the value of variable S temporarily while the swap is 
performed. 

For some node v, let S = S.v, IV = IV.v, tmpS = tmpS.v, S; = Sily, 
IV, = IV.ly, Sp = S.ry, IV, = IV.ry. Macro swap'(v, ry, value) executes the 
first step of swapping between node v and its right node ry, and the value 
value to be given to variable S.v after the swap is performed is stored in 
variable tmpS.v. Predicate check(v) has been defined in Section 3. 

The guards C1-C3 “correct” the variable S of the node to some value 
in the set {A, B} (a result of a fault or arbitrary initialization). 

In order to perform the swap, nodes v and r, need to change their 
variables $, from either A or B to either X or Y. Since node v will change 
the value of its S after the swap, the future value of S.v and the value of S.r, 
are stored in variables tmpS.v, respectively tmpS.ry, by each node. Node v 
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Macro swap’ (v, w, tS) :: 

if(wALAIVv > IV.w) then tmpS.v =tS ;IVv0 =IV.v+1V.w 5 Sv=X 
Sorting actions for any node v 

ABB S=BAcheck(l,, A) A check(r,,B) —> swap'(v,rv, A) 
BAA S=AAcheck(l,,B) A check(ry,A) —> swap'(v,rv, B) 


Synchronizing actions for any node v 


S1 SE{A, BAL ALAS, =X > IV=IV,-IV ;tmpS=S;S=Y 
S2 S=XArALAS-=Y > IV=IV—-IV,;S=tmpS 

S3 S=YAWALAS FAX S=tmpS 

C1 S=Y AG Hck S=tmpS 

C2 S=XAry=L S=tmpSs 

C3 S=XAnmALAS-=X — S=tmpS 


Figure 7: Algorithm S, (Shared Memory Model) 


changes its S to X (macro swap’) and node ry changes its S to Y (Guard 
S1). The swap started by node v already in macro swap’ is continued by 
node ry, in Guard $1, and finished by node v in Guard S2 (where it also 
restores its S'). Once the swap is done, their S values are restored to A or 
B, node v is in Guard $2, and node r, is in Guard $3. 

In Figure 8, nodes v and ry, need to swap their values. The state of a 
node is an ordered triple, (S, IV, tmpS)). 


swap’(v.t, .B) 
X;6;B =a = Bids 


¥. AS 5: BAA(v) ae sv) 


ty Ash L we SA 3m) A353 _ 


Figure 8: Nodes v and ry, swap their IV values 


Algorithm Sj, is deterministic also. 


5.3 Sorting in the Shared Memory Model using an Extra 
Variable 


In Algorithm S2 (Figure 9), a node v holds three variables: variable IV to 
be sorted, a variable S € {A, B}, and a variable tmpIV. Swapping between 
values IV.v and IV.r,, when unsorted, is done in three steps as follows: 
tmplV.u — IV.v, [Viv — IV.ry, [V.ry — tmplvV.v. 

For some node v, let S = S.v, IV = IV.v, tmplV = tmplVv.v, S, = Sly, 
IV, =1IV1,, Sp = Sry, IV, = IV-1y. 
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Macro macro sort(v,ly, ry) contains two if-statements. The first state- 
ment (called £,) checks whether node |, has started the swap with node 
v (Steps 1. and 2. have been performed at node 1,); if yes, then node v 
executes Step 3. The second statement (called Lz) checks whether node v 
needs to swap with node ry; if yes, Steps 1. and 2. are performed. 


Macro sort(v, u,w) :: 
if(uA LAIVu=IV.vA IV.u < tmplV.u) then IV.v = tmplV.u /* statement L1 */ 
if(w A LAIV.v > IV.w) then tmplV.v = IV.v ; IV.v = 1V.w /* statement L2 */ 


Sorting actions for any node v 
ABB S=BQAcheck(l,, A) \ check(r,,B) —> sort(v,ly,rv); S=A 
BAA S=ANcheck(ly, B) A check(r,,A) — sort(v,lv,rv); S=B 


Figure 9: Algorithm Sy (Shared Memory Model) 


Assume that node v and its right neighbor r, need to swap, and node 
v is enabled. Then node v executes the macro sort, stores in tmpIV.v its 
value [V.v and in IV.v the value of [V.r,, and becomes disabled. When 
node r, becomes enabled, it will store in IV.r, the value of tmpIV.v and 
then compares it with the value of its right neighbor, and so on. 

In Figure 10, nodes v and ry need to swap their values. The state of a 
node is an ordered triple, (S,1V,tmpIV). 


L2 


SN Bi 
Vv A; 5 35 _ » B;1;5 
" we BAA(v) 
L2 Ll 
Lia,) 
Ty A; 1 ay nce BAAC, ) A; ae 


Figure 10: Nodes v and ry swap their IV values 


Algorithm S»2 is deterministic also. 


6 Algorithm SSDS as a Read/Write Atomicity 
Protocol 

The authors of [12] distinguish between composite and read/write atomicity 

algorithms as follows. The guards of the guarded actions in a read/write 


atomicity algorithm include either only the node’s variables or the node’s 
variables of its neighbors but not both (mixed). A composite atomicity 
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algorithm contains at least one mixed guard; the vast majority of the self- 
stabilizing algorithms are composite. 

Algorithm SSDS is composite and in this section we show why it does 
not work under the read/write atomicity model without adding other vari- 
ables, thus increasing the memory requirements per node. 

A node remembers three values: its own, and a copy of each of its 
neighbors’. The node’s own value is represented as a capital letter, the 
copies of its neighbors’ as small letters to the left and right. The end nodes 
remember only two variables. For example, if a node’s own value is A, its 
copy of its left neighbor’s value is B, and its copy of its right neighbor’s 
value is A, we write the node as: bAa. 

A global configuration is represented by a string over {A, B,a,b}. We 
define the following two codes: 


e Node codes. Each node is represented by a string of two symbols if it 
is an end node, three symbols otherwise. 


The regular expression for the left node’s code is (A+B)(a+b). The 
regular expression for the right node’s code is (a+b)(A+B). The reg- 
ular expression for any other node’s code is (a+b)(A+B)(a+b). 


The global code string is the concatenation of the node codes. Here 
is an example global code string: AabAbbAaaBbaA In this example, 
the node codes are: Aa, bAb, bAa, aBb, aA. 


e Edge codes. An edge code is the four-symbol substring of the code 
string starting and ending with either A or B. The regular expression 
for an edge code is (A+B)(a+b)(a+b)(A+B). In the example, the 
edge codes are: AabA, AbbA, AaaB, BbaA. 


For each of the two codes, we define grammars as follows: 


e Node grammar. 

We define the following node grammar, where symbol * refers to an 
arbitrary symbol that remains unchanged during the replacement step: 
Aa — Ba 

Bb— Ab 

bA > dB 

aB—-aA 

bAa — bBa 
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aBb — aAb 
*a — *b 
*b > *a 
ax — bx 
bk — ax 
**Ga—> * «bd 
**bo**a 
a*k* > b*x 


b* x + axx There are actually 30 different replacement rules in the 
node grammar, since each * could represent either of two choices. 


e Edge grammar. 


We define the following edge grammar, where symbol * refers to an 
arbitrary symbol that remains unchanged during the replacement step: 
Aax* — Bax x 


Bbxx— Abx x 
A «bx > Ax* ax 
Bxrax — B x bx 
*xa* B—>+*b*B 
*xbx A — xax A 
**aB—ox*«xaAd 


**bA—>**bB 


There are actually 32 different replacement rules in the edge grammar, 
since each * could represent either of two choices. 


A change in the global code is permitted in one step (do not confuse 
“step” with “round”) if and only if every edge code substring either does 
not change or is replaced using a rule of the edge grammar, and every node 
code substring either not change or is replaced using a rule of the node 
grammar. 

For example, AabAbbAaaBbaA may change to AaaAbbBaaBbbA, since 
all the following substring changes are permitted: 

AabA — AaaA 

AbbA — AbbB 

AaaB — BaaB 

BbaA — BbbA 
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Aa — Aa 

bAb — aAb 
bAa — bBa 
aBb — aBb 


aA—bA 
Here are changes that are allowed: 
* « *AabB *« ** > * * *AbaB * ** 
**bAa* Abx A— *«*«bBax Aa*xA 
* * bAaaBb « * — *« * bBaaAb * * 
Changes that you might think are allowed but are not: 
AxbxaxB—Axaxb*B 
* « kAaaBb * * 3 * * kAbaAb « * 
although each can be accomplished in two steps: 
AxbxaxB—oAxaxaxBoAxaxbd*«B 
* * *AaaBb * * > *« * *AbaBb * * — *« * *AbaAb « * 


The edge codes can be divided into good and bad edges. Of the 16 
possible edge codes, 8 are good and 8 bad: 
AaaA good AaaBbad <AabA bad <AabBbad AbaA good AbaB good 
AbbA bad AbbB good BaaA good  BaaB bad BabA good BabB good 
BbaA bad BbaB bad  BbbA bad — BbbB good 


If an edge is bad, it can stay bad or become good. If an edge is good, 
it cannot become bad. If all edge codes of a global code are good, we say 
that the global code is good, otherwise we say the global code is bad. 

In order for a read/write atomicity protocol based on the Algorithm 
SSDS to be self-stabilizing, we must show that: (i) convergence - Any bad 
global code will become good, and (ii) closure - A good global code cannot 
become bad. 

We show that the convergence property does not hold in an asyn- 
chronous system. Specifically there is some initial global code string, such 
that, for any N, that the string does not become good after N rounds. 

Consider the starting configuration AaaBbaBbbAabA. This configura- 
tion is bad (illegitimate), since all the nodes are enabled to enter CS (every 
edge is bad). Consider the following possible path of execution of some 
in the read/write atomicity protocol based on the Algorithm SSDS in an 
asynchronous system. 

AaaBbaBbbAabA — BaaBbaAbbAabB — BbaBbaAabAabB — 

BbaBbbAabAaaB — BbaAbbAabBaaB — BbaAabAabBbaB — 
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BbbAabAaaBbaB — AbbAabBaaBbaA — AabAabBbaBbaA > 

AabAaaBbaBbbA — AabBaaBbaAbbA — AabBbaBbaAabA — 

AaaBbaBbbAabA 

Namely, after 12 steps, the execution ends in the starting configuration, 
without reaching a good (legitimate) state. Since every symbol in the string 
changes once in the first six steps, and once more in the next six steps, the 
sequence takes at least two rounds. We conclude that the convergence does 
not hold for this model. 


7 Conclusion 


In this paper, we present the first self-stabilizing distributed algorithm for a 
given synchronization problem on asynchronous oriented chains (Algorithm 
SSDS). The algorithm is optimal in space complexity and asymptotically 
optimal in time complexity. We then give two applications of the proposed 
algorithm for oriented chains: a time and space optimal solution to the local 
mutual exclusion problem (Algorithm CME), and distributed sorting. In 
solving distributed sorting, two shared memory self-stabilizing algorithms 
are proposed: a space and (asymptotically) time optimal solution (Algo- 
rithm S,), and an almost time optimal solution (Algorithm S2). All al- 
gorithms are self-stabilizing and uniform, and they work under the unfair 
distributed daemon. 

Algorithm SSDS can be used to obtain optimal space solutions for 
other problems such as broadcasting, leader election, and mutual exclusion. 
It can also be extended to other oriented topologies such as oriented rings, 
rooted trees, directed acyclic graphs (DAG). 
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